Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » networked clients going to web to get mail?
  •  
asta

Messages: 29
Karma: 0
Send a private message to this user
basic question: i've set up my clients on entourage 2004/mac osx as exchange accounts on the exchange server "mail.xxx.com". all clients are networked on an ethernet lan.

i'm wondering whether these clients are going through the internet to check mail, or do the connections remain local?

ordinarily i would simply change the exchange server to the local address for the kerio server, (ie 10.0.1.1) but in the certificate gets rejected when it does not match the internet hostname (ie mail.xxx.com).

i want to ensure the mail connections remain local, obviously, to ensure that they remain fast and secure.

thanks!
  •  
hmmfe

Messages: 4
Karma: 0
Send a private message to this user
Are your local clients getting DNS from an internal machine? If so, create an A record entry that points the certificate's host name to the internal address.
  •  
asta

Messages: 29
Karma: 0
Send a private message to this user
yes i have an "a" record pointing my internet hostname ("mail.xxx.cm") to my mail server's local ip (10.0.1.1), and it resolves correctly.

i'm just curious because my client (entourage) is reaching out to the internet via port 443 when i thought it should be looking only interally.
  •  
asta

Messages: 29
Karma: 0
Send a private message to this user
this is baffling me --

my internet hostname (in the domain section in setup) is different from my server's dns name.

internet hostname = mail.xyz.com
server's internal dns name = server.abc.com

i have external dns mx records pointing to my internet hostname, but obviously not to my server's name.

my clients (all networked to the server) have their incoming and outgoing mail server set to mail.xyz.com, and as a result they are all going thru the internet, outside the network, to get mail. this is no good!

here's my quandary: when i reset the internet hostname to the server's internal dns name, or to its internal ip (10.0.1.1), i have two problems: first, external users cannot access their mail. and second the certificate gets rejected. (even if i create a new certificate for server.abc.com, the email client will give a warning saying that it does not trust the old certificate for mail.xyz.com!)

so, the question is how do i configure kerio to allow internal users to get their mail on the network by connecting to the mail server directly without going through the internet?

yes, i created an "a" record in my internal dns to point "mail.xyz.com" to 10.0.1.1, but the problem was that internal users were then unable to reach the company website, which has the same name xyz.com

any help appreciated.
  •  
zwaugh

Messages: 5
Karma: 0
Send a private message to this user
So it sounds like everything works when you created an A record for mail.xyz.com in the internal DNS and point it to the internal IP, but the only problem is they can't access the public website? If so, in the zone for xyz.com on the internal DNS server, create A records for xyz.com and www.xyz.com to point to the public webserver ip. Then they should be able to access the mail server locally and public webserver.
  •  
asta

Messages: 29
Karma: 0
Send a private message to this user
I just resolved this by adding a record to my local dns to point users to our external ip when they navigate to www.xyz.com
Previous Topic: McAfee update error: update.ini is corrupt or missing
Next Topic: Default Spam Rule Question
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Sat Nov 18 12:47:22 CET 2017

Total time taken to generate the page: 0.00427 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.